Re: 790 appliance High Availability Configuration

Dick_Summers · ‎2019-11-03

790 WiFi appliance is in production with two Internet connections, and multiple defined objects and rules, local switch is defined and two WiFi segments, one guest and one with access to LAN.

I was advised to: 1) backup the existing 790 2) confirm both units have same firmware 3) flatten existing unit retaining existing firmware version 4) setup first unit as Primary HA 5) setup second unit as HA, 6) restore backup to newly created cluster to retain objects and rules.

When I restored the backup to the cluster, it brought back the objects and rules, but overwrote the cluster configuration and would not operate normally until the second unit was taken off line.

Question: Can I configure cluster from the existing device (with its rules and objects in place) by simply adding the second unit, or must I flatten the existing unit, create the cluster with both "bare" units, then recreate the objects and rules?

PhoneBoy · ‎2019-11-05

I don't know for sure, but it seems reasonable to try it after taking a fresh backup first.
Once the cluster is established, the configuration should synchronize from primary to secondary.

HristoGrigorov · ‎2019-11-06

No need to reset configuration on primary unit. You only need to complete First Time Configuration Wizard on secondary one (disable switch on LAN ports btw). Then connect sync cable. Proceed with configuring cluster on primary and then on secondary unit.

Make sure both units run the same firmware version.

Dick_Summers · ‎2019-11-06

Thanks for your input. I’ll give it a go this weekend.

Dick_Summers · ‎2019-11-06

Thanks for your input, I’ll give it a go this weekdend.

Dick_Summers · ‎2019-11-13

Thanks for your input. When choosing "Configure Cluster" from High Availability, the device would not respond. After an hour with TAC and no solution, I'll start from scratch configuring the new 790 as primary, install Internet connections, objects, and rules, then configure it as the primary cluster member.

HristoGrigorov · ‎2019-11-13

That's unfortunate to hear. There must be something really wrong to behave like that. Let us know what the outcome is.

Dick_Summers · ‎2019-11-17

I created the Primary member while off line, configured its objects, groups and rules, and brought it on line this morning as planned. I then reset the existing device to default settings with the same firmware, and ran the basic configuration. The cluster process worked as shown in the admin guide, without issues. After the cluster was created, I was able to create a WiFi for the LAN as well as a guest WiFi. Tests of the HA and ISP redundancy were successful. Thanks for the input.

HristoGrigorov · ‎2019-11-17

Happy to hear it. Although it could have been nice to find what the problem is. May be something in the local database was not right.

Dick_Summers · ‎2019-11-18

Interestingly, this morning the client called and reported Internet access was (mostly) down as well as email flow to and from their internally hosted mail server. The Sand Blast Threat Emulation. which would not activate yesterday, was now active, and apparently was causing problems, as traffic returned to normal when the Threat Emulation was turned off.

In addition, the WiFi configurations had changed; the Guest WiFi that was configured yesterday was inactive, its access policy had changed to allow access to the local network, its interface configuration had changed, and the additional (Standard) WiFi that was created for LAN users access yesterday, was nowhere to be found.

HristoGrigorov · ‎2019-11-18

I would start with checking /var/log/messages and /var/log/log/sfwd.elg. Also it is worth checking 'dmesg'. And look for possible *core* and *panic* files in /logs.

Are you a member of CheckMates?

790 appliance High Availability Configuration